New cyber authorities in new DHS legislation

By Tom O’Keefe, consultant

A bill that has just made its way through the House would finally reauthorize the Department of Homeland Security, which has only been authorized once, in 2002.

There are several cyber provisions included in the House bill, which could mean a lot of opportunity for cybersecurity vendors if it ends up passing in the Senate (where it has, unfortunately, stalled before). But there’s a good chance that even if the bill doesn’t pass, we’ll see some of the additional authorities and responsibilities making their way to DHS components anyway.

Most of the specific provisions in the bill of interest here are ones that require certain components to own responsibility for cybersecurity of various locations. For example, the Transportation Security Administration would be responsible for assessing the cybersecurity of aviation systems, including airports and airlines, developing an information sharing project across the airline industry and assessing the vulnerabilities of the systems that house TSA PreCheck.


What You Need to Know About CDM’s Latest Update

By Jenni Taylor, Contracts Programs Manager

immixGroup’s headquarters was a flurry of activity recently when we brought in tech companies to meet with contractors on the Department of Homeland Security’s Continuous Diagnostics and Mitigation program. It was our 4th CDM Speed Networking event, in support of CDM team leads, prime contractors and CDM providers and customers—something we organize every time the program is about to cross into a new phase.

We’ve had some updates since the event, with the most recent being a Request for Information (RFI) released this month that asks for industry input on Phase III capabilities and technologies. The RFI specifically wants to hear about secure orchestration, emerging data standards, and analytics tools to support timely detection and response to cyber events.


DHS Wants to Hear from You

By Tomas O’Keefe, Consultant

Industry engagement seems to be the new focus at the Department of Homeland Security (DHS) as Luke McCormack, the chief information officer, and Soraya Correa, the chief procurement officer, have made it a point to ramp up outreach to the private sector. This summer looks to continue this trend of engagement with several activities and requests for information (RFI) that technology vendors will want to keep their eyes on.

First, the department has reached out to industry to gauge the viability of a DHS-specific contract for agile design and development. The RFI includes a draft scope of the proposed vehicle based on work done by the US Digital Services team in developing the Digital Services Playbook.


Is the Workforce Ready and Able to Fight Cyber Threats?

By Lloyd McCoy Jr., DOD Manager

The federal government’s cyber workforce will be the biggest determining factor in how well government agencies tackle the rising cyber threat. That was the prevailing theme at the Federal Cybersecurity Update 2016 held at the International Spy Museum earlier this week. The event was organized by immixGroup, FedInsider, and George Washington University Center for Excellence in Public Leadership.

Leading representatives from the federal government and academia emphasized the importance of an effective cyber workforce. They also pointed out that the general workforce should be considered cyber defenders since they have a huge responsibility in mitigating vulnerabilities by using proper cyber hygiene. Many of the panelists admitted they frequently spear phish their employees to boost awareness and enforce commonsense practices.


DHS’s New Year’s Resolution: A Budget

Tomas O’Keefe, Consultant, Market Intelligence

When Congress voted last year to give appropriations to federal agencies, there was one glaring omission: the Department of Homeland Security. Due to furor over executive actions on immigration taken by President Obama, Congress passed a Continuing Resolution for DHS until the end of February, so expect conversations on the Hill to be geared toward how to fund the Department while attempting to address the President’s executive action; this could affect two departmental components in particular, Immigration and Customs Enforcement (ICE) and the U.S. Citizenship and Immigration Services (USCIS).

DHS’s Lessons Learned from Heartbleed

by Tomas O’Keefe, Senior Analyst

At a recent Washington Post event on cybersecurity recognizing National Cybersecurity Awareness Month, Deputy Secretary of Homeland Security, Alejandro Mayorkas, spoke of DHS’s “dire need” for cybersecurity legislation that better enables cyber threat information sharing and helps recruit top cybersecurity talent. While the sky isn’t falling in on Deputy Secretary Mayorkas and DHS, the failure of Congress to pass updated cybersecurity legislation has hindered the department’s ability to meet the rapidly shifting landscape of cyber threats.


Task Order 2 for CDM Approaching

by Tomas O’Keefe, Senior Analyst

Industry has been waiting on more news about the next set of contracts for the Department of Homeland Security’s (DHS) $6B Continuous Diagnostics and Mitigation (CDM) initiative, and we’re finally starting to get some concrete details about what that’s going to entail. DHS, with the aid of the General Services Administration’s (GSA) Federal Systems Integration and Management (FEDSIM) group, is still focusing on phase 1 of the CDM initiative, which is aimed at tackling end point integrity and identifying network vulnerability. There will be additional phases of CDM over the coming years. But we’re now starting to get more details on Task Order 2, which is the next step in the current phase.

However, a bit of recap before we proceed. Back in January of this year, DHS awarded Task Order 1 to four Continuous Monitoring-as-a-Service (CMaaS) BPA holders for some network and endpoint protection products. In March, DHS and GSA awarded a contract to develop a federal-wide cybersecurity dashboard that departments will submit CDM information to. Ideally, this dashboard will ease the Federal Information Security Management Act (FISMA) reporting requirements on departments, meaning CISOs can spend more of their time protecting networks and less time filling out paperwork.
